Firewalls are the primary defense mechanisms against network security threats. A firewall is a system that can be positioned between any two networks to control the passage of data traffic in and out of these networks. Typically, the two networks are the internal, trusted, network and the Internet [1]. Firewalls have evolved since their inception as packet filters in the early 90’s to include stateful inspections, proxies, unified threat management (UTM) systems and next generation firewalls (NGFW).

Packet filtering is the basic function of the firewall. Inbound and outbound data traffic must be sent to the firewall but only authorized traffic is allowed to pass through it, as defined by a security policy. This filtering capability of firewalls is so basic that is often included in routers [2].

In stateful inspection, the firewall analyzes the passing packets up to the application layer and derive the context (the state) of the incoming and outgoing traffic and create virtual session information. Out-of-context packets, such as incoming packets that are not preceded by outgoing requests, are not allowed into the network; thus improving security greatly [3].

A firewall proxy is an application layer software that acts as an intermediary between two end hosts. Each end host is forced to connect with the proxy rather the directly with the other end host. This allows the firewall to inspect the packets up to the application layer to determine if they are allowed to pass [4].

Traditional firewalls alone became ineffective protection against many new types of security threats and other systems were needed. UTM appliances combine these systems in a single box to simplify their deployment and management. The UTMs commonly include intrusion detection/prevention systems (IDS/IPS), malware blocking, and content filtering, in addition to stateful packet filtering [5].

UTMs implement multiple security functions using separate internal engines. Packets may need to pass through these engines multiple times, which hinders performance. NGFWs, on the other hand, implement the security functions by passing packets through the firewall only once. Another key feature of NGFWs is the ability to identify and filter applications, including web applications, and use deep packet inspection to detect anomalies and malware [6].